Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
Windows Server 2008 R2: ZeroAccess Rootkit? (https://www.trojaner-board.de/140723-windows-server-2008-r2-zeroaccess-rootkit.html)

HanGmanXXL 30.08.2013 19:04

Windows Server 2008 R2: ZeroAccess Rootkit?
 
Hello,

now it has actually happened to me too.

Symptoms:

- No access to the machine over the LAN
- Windows Firewall cannot be enabled in Server Manager, error code 0x6D9 (the snap-in "Windows Firewall with Advanced Security" could not be loaded).
- Hyper-V not working

Logs:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Administrator (administrator) on 30-08-2013 19:44:09
Running from C:\Users\Administrator\Desktop
Windows Server 2008 R2 Datacenter Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\memcached\memcached.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
() C:\programme\mysql\mysql server 5.6\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apache Software Foundation) C:\PROGRA~1\MySQL\ENTERP~1\Monitor\apache-tomcat\bin\tomcat6.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
() C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files\Synergy\synergyd.exe
(SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
() C:\Program Files\Synergy\synergyc.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\system32\vmms.exe
(Microsoft Corporation) C:\Windows\system32\wsrm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Administrator\Desktop\gmer_2.1.19163.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-18] (Google Inc.)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [MSUTray] - C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-13] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Synergy] - C:/Program Files/Synergy/synergy.exe [x]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli rassfm
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{BB432638-BC65-41DE-83CB-C8F08EA5058B}: [NameServer]192.168.0.1
Tcpip\..\Interfaces\{EE39A05D-9293-4F32-89B7-684DB83634E9}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Html Validator - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: firebug - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook

==================== Services (Whitelisted) =================

R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 memcache_test; c:\memcached2\memcached.exe [370730 2010-08-02] ()
S3 MSSQL$MICROSOFT##SSEE; C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe [39627104 2010-12-10] (Microsoft Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-22] (Apache Software Foundation)
S4 mysql; C:\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] ()
R2 MySQL56; C:\programme\mysql\mysql server 5.6\bin\mysqld.exe [12837888 2013-04-05] ()
S2 MySQLEnterpriseMonitorAgent; C:\Program Files (x86)\MySQL\Enterprise\Agent\bin\mysql-monitor-agent.exe [29184 2013-02-12] ()
R2 MySQLEnterpriseTomcat; C:\PROGRA~1\MySQL\ENTERP~1\Monitor\apache-tomcat\bin\tomcat6.exe [96256 2012-01-19] (Apache Software Foundation)
S4 mysql_56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14419 2013-07-23] ()
R2 nvspwmi; C:\Windows\system32\nvspwmi.dll [407040 2010-11-20] (Microsoft Corporation)
R2 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
S2 redis; C:\Program Files\Redis\redis-service.exe [73728 2012-02-11] ()
S3 rqs; C:\Windows\system32\rqs.exe [41472 2010-11-20] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
S2 SDLService; C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [95264 2010-03-26] ()
S3 SMTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2013-04-17] ()
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [423424 2013-05-03] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 vhdsvc; C:\Windows\system32\vhdsvc.dll [193024 2010-11-20] (Microsoft Corporation)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [46680 2013-07-16] (SparkLabs)
R2 vmms; C:\Windows\system32\vmms.exe [4625408 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 WSRM; C:\Windows\system32\wsrm.exe [1330688 2009-07-14] (Microsoft Corporation)
R2 memcached; "C:\memcached\memcached.exe" -d RunService -p 11211 -m 64 -c 1024 -f 1.25 -n 48 [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047}\  \...\???\{a0579574-a93c-081b-547b-6155db964047}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-20] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-20] ()
R1 hvboot; C:\Windows\System32\drivers\hvboot.sys [118128 2012-08-22] (Microsoft Corporation)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-22] ()
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-22] ()
R3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [20992 2010-11-20] (Microsoft Corporation)
R3 rtkio; C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2010-01-21] (Windows (R) Codename Longhorn DDK provider)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [17408 2010-11-20] (Microsoft Corporation)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [38856 2013-07-16] (The OpenVPN Project)
R3 VMSMP; C:\Windows\System32\DRIVERS\vmswitch.sys [407552 2011-05-14] (Microsoft Corporation)
S3 VMSP; C:\Windows\System32\DRIVERS\vmswitch.sys [407552 2011-05-14] (Microsoft Corporation)
U3 pwpdaaog; \??\C:\Users\ADMINI~1\AppData\Local\Temp\1\pwpdaaog.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-08-30 19:30 - 2013-08-30 19:30 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-08-30 19:29 - 2013-08-30 19:29 - 01579080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00050477 _____ C:\Users\Administrator\Desktop\Defogger.exe
2013-08-30 19:25 - 2013-08-30 19:44 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\1
2013-08-30 19:25 - 2013-08-30 19:25 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-30 19:22 - 2013-08-30 19:22 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\WPDNSE
2013-08-30 19:17 - 2013-08-30 19:17 - 03771904 _____ C:\Users\dev\Downloads\RogueKillerX64.exe
2013-08-30 19:13 - 2013-08-30 19:13 - 00000000 ____D C:\Users\dev\AppData\Roaming\Malwarebytes
2013-08-30 19:04 - 2013-08-30 19:09 - 00000000 ____D C:\Users\dev\AppData\Roaming\vlc
2013-08-30 18:49 - 2013-08-30 18:50 - 00010356 _____ C:\Windows\SP5.LOG
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AD.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AC.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AB.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AA.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp61A0.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp619F.tmp
2013-08-30 17:53 - 2013-08-30 18:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 17:53 - 2013-08-30 17:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-30 17:43 - 2013-08-30 17:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-30 17:42 - 2013-08-30 17:42 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-30 17:39 - 2013-08-30 17:39 - 00000000 ____D C:\AdwCleaner
2013-08-30 17:35 - 2013-08-30 17:35 - 00000774 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ScanAgent.log
2013-08-30 17:35 - 2013-08-30 17:35 - 00000400 _____ C:\Users\ADMINI~1\AppData\Local\Temp\reimage.log
2013-08-30 17:35 - 2013-08-30 17:35 - 00000002 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ack.txt
2013-08-30 17:34 - 2013-08-30 17:34 - 00000000 ____D C:\ProgramData\CDB
2013-08-30 17:33 - 2013-08-30 17:35 - 00000127 _____ C:\Windows\Reimage.ini
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3103.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3102.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F1.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F0.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3025.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3024.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000085 _____ C:\Windows\wininit.ini
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8C.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8B.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8A.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E89.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8F.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8E.tmp
2013-08-30 17:24 - 2013-07-31 18:01 - 00001079 _____ C:\Windows\system32\Drivers\etc\hosts.20130830-172453.backup
2013-08-30 17:15 - 2013-08-30 17:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-30 17:15 - 2013-08-30 17:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-30 17:14 - 2013-08-30 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-30 17:11 - 2013-08-30 17:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-30 03:36 - 2013-08-30 03:37 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\CR_0EEF1.tmp
2013-08-27 18:54 - 2013-08-27 18:54 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-08-27 18:53 - 2013-08-27 18:53 - 21700280 _____ C:\Users\dev\Downloads\SeaToolsforWindowsSetup-1208.exe
2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD.zip
2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD(1).zip
2013-08-24 15:15 - 2005-05-02 14:23 - 00006757 _____ C:\Users\Administrator\Documents\MacMerc.comComicArtEffect.atn
2013-08-22 17:19 - 2013-08-22 17:19 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 ____D C:\Program Files\Java
2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\RDA24.tmp
2013-08-22 17:15 - 2013-08-22 17:32 - 00000000 ____D C:\closure
2013-08-20 19:04 - 2013-08-20 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GalileoPress
2013-08-17 08:33 - 2013-08-19 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 10:27 - 2013-08-15 10:27 - 00002406 _____ C:\Users\Administrator\Documents\Hilfecenter.sql
2013-08-15 08:42 - 2013-08-30 19:25 - 00000963 _____ C:\Windows\setupact.log
2013-08-15 08:42 - 2013-08-15 08:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 14:10 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 14:10 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 14:10 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 14:10 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 14:10 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 14:10 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 14:10 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 14:10 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 14:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 14:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 14:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 14:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 14:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 14:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 14:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 14:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 14:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 14:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 14:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 14:09 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 14:09 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 14:09 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 14:09 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 14:09 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 14:09 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 14:09 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 14:09 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 14:09 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 14:09 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 14:09 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 14:09 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 14:09 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 14:09 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 14:09 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 14:09 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 14:09 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 14:09 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 14:09 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 14:09 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 14:09 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 14:09 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 14:09 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 14:09 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 14:09 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 14:09 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 14:09 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 09:29 - 2013-08-14 09:31 - 00000000 ____D C:\Users\Administrator\Documents\dumps
2013-08-14 09:25 - 2013-08-14 09:25 - 64762592 _____ C:\Users\Administrator\Documents\db_backup_20130814.zip
2013-08-13 10:59 - 2013-08-13 11:01 - 00000000 ____D C:\Program Files\Common Files\Viscosity
2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Viscosity
2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Program Files\Viscosity
2013-08-13 09:20 - 2013-07-16 00:54 - 00038856 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\visctap0901.sys
2013-08-12 08:03 - 2013-08-12 08:03 - 00000602 _____ C:\Users\Administrator\w2dcpchk.php
2013-08-10 15:25 - 2013-08-14 14:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-09 16:49 - 2013-08-09 16:49 - 00000000 ____D C:\memcached2
2013-08-09 16:35 - 2013-08-09 16:44 - 00000000 ____D C:\msysgit
2013-08-06 16:43 - 2013-08-06 16:43 - 00000000 ____D C:\Program Files\MemCacheD
2013-08-06 16:41 - 2013-08-06 16:41 - 00000123 _____ C:\Users\ADMINI~1\AppData\Local\Temp\CFG3E5B.tmp
2013-08-06 16:41 - 2013-08-06 16:41 - 00000000 ____D C:\Program Files (x86)\MemCacheD Manager
2013-08-06 11:16 - 2009-12-16 11:47 - 00000000 ____D C:\memcached
2013-08-01 09:37 - 2013-08-01 09:41 - 00000000 ____D C:\Users\Administrator\Documents\Fiddler2
2013-08-01 09:37 - 2013-08-01 09:37 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\DMIC41E.tmp
2013-07-31 16:56 - 2013-07-31 17:25 - 00029536 _____ C:\Users\Administrator\Documents\categories_neu.sql
2013-07-31 11:57 - 2013-07-31 11:57 - 00042057 _____ C:\Users\Administrator\Documents\categories.sql

==================== One Month Modified Files and Folders =======

2013-08-30 19:44 - 2012-12-18 12:57 - 00000512 _____ C:\Windows\SysWOW64\za_mv_raid.ev
2013-08-30 19:44 - 2012-12-18 11:36 - 00000112 _____ C:\Windows\seqlog
2013-08-30 19:44 - 2011-11-22 05:08 - 00089088 _____ C:\Windows\SysWOW64\freqdb.db
2013-08-30 19:36 - 2012-12-18 11:45 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500UA.job
2013-08-30 19:35 - 2009-07-14 06:49 - 00034768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 19:35 - 2009-07-14 06:49 - 00034768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 19:30 - 2013-08-30 19:30 - 00000000 ____D C:\FRST
2013-08-30 19:30 - 2013-08-30 19:30 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-08-30 19:30 - 2013-04-05 18:37 - 25808896 _____ C:\Windows\system32\vmguest.iso
2013-08-30 19:30 - 2012-12-18 18:22 - 01464653 _____ C:\Windows\WindowsUpdate.log
2013-08-30 19:30 - 2012-12-18 18:22 - 00000000 ____D C:\Users\Administrator
2013-08-30 19:30 - 2009-07-14 09:17 - 00839796 _____ C:\Windows\system32\perfh007.dat
2013-08-30 19:30 - 2009-07-14 09:17 - 00201772 _____ C:\Windows\system32\perfc007.dat
2013-08-30 19:30 - 2009-07-14 07:10 - 01989262 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 19:29 - 2013-08-30 19:29 - 01579080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00050477 _____ C:\Users\Administrator\Desktop\Defogger.exe
2013-08-30 19:25 - 2013-08-30 19:25 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-30 19:25 - 2013-08-15 08:42 - 00000963 _____ C:\Windows\setupact.log
2013-08-30 19:25 - 2012-12-18 18:28 - 00008260 _____ C:\Windows\SysWOW64\mvaccelerator.log
2013-08-30 19:25 - 2012-12-18 11:36 - 00008710 _____ C:\Windows\Tray.log
2013-08-30 19:25 - 2009-07-14 07:06 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 19:24 - 2012-12-18 12:11 - 00013460 _____ C:\Windows\PFRO.log
2013-08-30 19:22 - 2013-08-30 19:22 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\WPDNSE
2013-08-30 19:17 - 2013-08-30 19:17 - 03771904 _____ C:\Users\dev\Downloads\RogueKillerX64.exe
2013-08-30 19:13 - 2013-08-30 19:13 - 00000000 ____D C:\Users\dev\AppData\Roaming\Malwarebytes
2013-08-30 19:10 - 2013-04-12 11:47 - 00000000 ____D C:\subsonic
2013-08-30 19:09 - 2013-08-30 19:04 - 00000000 ____D C:\Users\dev\AppData\Roaming\vlc
2013-08-30 18:54 - 2013-08-30 17:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 18:50 - 2013-08-30 18:49 - 00010356 _____ C:\Windows\SP5.LOG
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AD.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AC.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AB.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AA.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp61A0.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp619F.tmp
2013-08-30 17:53 - 2013-08-30 17:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-30 17:43 - 2013-08-30 17:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-30 17:42 - 2013-08-30 17:42 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 17:39 - 2013-08-30 17:39 - 00000000 ____D C:\AdwCleaner
2013-08-30 17:35 - 2013-08-30 17:35 - 00000774 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ScanAgent.log
2013-08-30 17:35 - 2013-08-30 17:35 - 00000400 _____ C:\Users\ADMINI~1\AppData\Local\Temp\reimage.log
2013-08-30 17:35 - 2013-08-30 17:35 - 00000002 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ack.txt
2013-08-30 17:35 - 2013-08-30 17:33 - 00000127 _____ C:\Windows\Reimage.ini
2013-08-30 17:34 - 2013-08-30 17:34 - 00000000 ____D C:\ProgramData\CDB
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3103.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3102.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F1.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F0.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3025.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3024.tmp
2013-08-30 17:27 - 2013-08-30 17:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-30 17:26 - 2013-08-30 17:26 - 00000085 _____ C:\Windows\wininit.ini
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8C.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8B.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8A.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E89.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8F.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8E.tmp
2013-08-30 17:24 - 2013-08-30 17:15 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-30 17:16 - 2013-07-23 07:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.purple
2013-08-30 17:15 - 2013-08-30 17:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-30 17:11 - 2013-08-30 17:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-30 17:07 - 2013-07-05 08:34 - 00000600 _____ C:\Users\Administrator\AppData\Roaming\winscp.rnd
2013-08-30 09:45 - 2013-07-10 02:00 - 00350534 _____ C:\Users\ADMINI~1\AppData\Local\Temp\PDApp.log
2013-08-30 09:44 - 2013-05-02 18:02 - 00000453 _____ C:\Users\Administrator\Documents\diverses.sql
2013-08-30 03:37 - 2013-08-30 03:36 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\CR_0EEF1.tmp
2013-08-30 03:37 - 2012-12-18 11:45 - 00052553 _____ C:\Users\ADMINI~1\AppData\Local\Temp\chrome_installer.log
2013-08-30 03:37 - 2012-12-18 11:45 - 00002366 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-08-30 02:59 - 2012-12-18 18:29 - 64847575 _____ C:\Windows\backend.log
2013-08-30 02:00 - 2013-07-10 02:00 - 04134162 _____ C:\Users\ADMINI~1\AppData\Local\Temp\oobelib.log
2013-08-29 17:46 - 2013-03-20 12:36 - 00000000 ____D C:\Program Files (x86)\NetBeans 7.3
2013-08-29 16:58 - 2013-01-08 18:30 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2013-08-29 10:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-08-29 07:45 - 2012-12-18 11:45 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500Core.job
2013-08-29 02:00 - 2012-12-18 17:25 - 00000000 ____D C:\backups
2013-08-27 18:54 - 2013-08-27 18:54 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-08-27 18:53 - 2013-08-27 18:53 - 21700280 _____ C:\Users\dev\Downloads\SeaToolsforWindowsSetup-1208.exe
2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD.zip
2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD(1).zip
2013-08-24 16:18 - 2013-04-12 11:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-08-24 15:40 - 2009-07-14 07:07 - 00000000 ____D C:\Windows\system32\ServerManager
2013-08-22 17:32 - 2013-08-22 17:15 - 00000000 ____D C:\closure
2013-08-22 17:19 - 2013-08-22 17:19 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 ____D C:\Program Files\Java
2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\RDA24.tmp
2013-08-22 17:19 - 2013-06-26 07:59 - 00011291 _____ C:\Users\ADMINI~1\AppData\Local\Temp\JavaDeployReg.log
2013-08-22 17:19 - 2013-03-20 12:34 - 00161742 _____ C:\Users\ADMINI~1\AppData\Local\Temp\java_install.log
2013-08-22 17:19 - 2013-03-20 12:34 - 00009133 _____ C:\Users\ADMINI~1\AppData\Local\Temp\java_install_reg.log
2013-08-22 17:19 - 2013-03-20 12:34 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\hsperfdata_Administrator
2013-08-22 10:24 - 2013-07-17 10:36 - 00000000 ____D C:\Users\dev\AppData\Roaming\HandBrake
2013-08-22 08:10 - 2013-07-26 08:16 - 00000000 ____D C:\Users\Administrator\Documents\Jan
2013-08-20 19:04 - 2013-08-20 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GalileoPress
2013-08-19 11:03 - 2013-07-12 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2013-08-19 08:49 - 2013-08-17 08:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 08:49 - 2013-03-20 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-15 10:27 - 2013-08-15 10:27 - 00002406 _____ C:\Users\Administrator\Documents\Hilfecenter.sql
2013-08-15 08:42 - 2013-08-15 08:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 14:12 - 2013-08-10 15:25 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 14:11 - 2012-12-18 11:54 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 09:31 - 2013-08-14 09:29 - 00000000 ____D C:\Users\Administrator\Documents\dumps
2013-08-14 09:25 - 2013-08-14 09:25 - 64762592 _____ C:\Users\Administrator\Documents\db_backup_20130814.zip
2013-08-13 11:01 - 2013-08-13 10:59 - 00000000 ____D C:\Program Files\Common Files\Viscosity
2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Viscosity
2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Program Files\Viscosity
2013-08-12 08:03 - 2013-08-12 08:03 - 00000602 _____ C:\Users\Administrator\w2dcpchk.php
2013-08-09 16:49 - 2013-08-09 16:49 - 00000000 ____D C:\memcached2
2013-08-09 16:44 - 2013-08-09 16:35 - 00000000 ____D C:\msysgit
2013-08-08 10:57 - 2013-07-12 10:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-08 10:11 - 2013-03-20 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-08-08 10:11 - 2013-03-20 12:54 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-08-06 16:43 - 2013-08-06 16:43 - 00000000 ____D C:\Program Files\MemCacheD
2013-08-06 16:41 - 2013-08-06 16:41 - 00000123 _____ C:\Users\ADMINI~1\AppData\Local\Temp\CFG3E5B.tmp
2013-08-06 16:41 - 2013-08-06 16:41 - 00000000 ____D C:\Program Files (x86)\MemCacheD Manager
2013-08-02 07:52 - 2013-07-29 16:02 - 00000000 ____D C:\Users\Administrator\ownCloud
2013-08-01 14:33 - 2012-12-18 17:07 - 00090880 _____ C:\Users\dev\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 13:05 - 2013-07-04 15:35 - 00002312 ____H C:\Users\Administrator\Documents\Default.rdp
2013-08-01 09:41 - 2013-08-01 09:37 - 00000000 ____D C:\Users\Administrator\Documents\Fiddler2
2013-08-01 09:37 - 2013-08-01 09:37 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\DMIC41E.tmp
2013-07-31 18:01 - 2013-08-30 17:24 - 00001079 _____ C:\Windows\system32\Drivers\etc\hosts.20130830-172453.backup
2013-07-31 17:25 - 2013-07-31 16:56 - 00029536 _____ C:\Users\Administrator\Documents\categories_neu.sql
2013-07-31 11:57 - 2013-07-31 11:57 - 00042057 _____ C:\Users\Administrator\Documents\categories.sql

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047}
C:\Users\ADMINI~1\AppData\Local\Temp\1\e4jBC8A.tmp_dir1377883539\i4jdel.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-07-13 00:30

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Administrator at 2013-08-30 19:44:19
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32)
3DPower B12.0406.2 (x32 Version: 1.00.0000)
3TB+Unlock B11.0919.1 (x32 Version: 1.00.0001)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ActivePerl 5.16.3 Build 1603 (64-bit) (Version: 5.16.1603)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Premiere Pro CS6 (x32 Version: 6.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe® Content Viewer (x32 Version: 3.1.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
bl (x32 Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Dell Open Print Driver (x32 Version: 1.70.7813.0)
DriverCD (x32)
Easy Tune 6 B12.0626.1 (x32 Version: 1.00.0000)
EZ Setup B12.0509.01 (x32 Version: 1.00.0000)
Fiddler (x32 Version: 2.4.4.5)
GIGABYTE TweakLauncher (x32 Version: 12.04.26.1)
Google Chrome (HKCU Version: 29.0.1547.62)
Gpg4win (2.1.1) (x32 Version: 2.1.1)
HeidiSQL 8.0.0.4396 (x32 Version: 8.0)
iisnode for iis 7.x (x64) full (Version: 0.2.7.0)
Intel(R) Network Connections 17.4.95.0 (Version: 17.4.95.0)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250)
l Druckersoftware-Deinstallation
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 91xx driver (x32 Version: 1.2.0.1020)
Marvell Storage Utility V4 (x32 Version: 4.1.0.2013)
MemCacheD Manager (x32 Version: 1.0.3)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Filter Pack 1.0 (Version: 12.0.4518.1104)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MySQL Connector C++ 1.1.2 (Version: 1.1.2)
MySQL Connector J (x32 Version: 5.1.24)
MySQL Connector Net 6.6.5 (x32 Version: 6.6.5)
MySQL Connector/ODBC 5.2(w) (Version: 5.2.4)
MySQL Documents 5.6 (x32 Version: 5.6.11)
MySQL Enterprise Backup 3.8.2 (Version: 3.8.2)
MySQL Enterprise Monitor (x32 Version: 2.3.13.2193)
MySQL Enterprise Monitor Agent (x32 Version: 2.3.13.2193)
MySQL Examples and Samples 5.6 (x32 Version: 5.6.11)
MySQL Installer (x32 Version: 1.1.6.0)
MySQL Notifier 1.0.3 (x32 Version: 1.0.3)
MySQL Server 5.6 (Version: 5.6.11)
MySQL Workbench 5.2 CE (x32 Version: 5.2.47)
NcFTP 3.2.2 (x32)
NetBeans IDE 7.3 (x32 Version: 7.3)
Node.js (Version: 0.10.0)
Notepad++ (x32 Version: 6.4.3)
ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001)
OpenSSL 1.0.1c Light (32-bit) (x32)
OpenSSL 1.0.1e (64-bit)
OpenVPN 2.2.2 (x32 Version: 2.2.2)
ownCloud (x32 Version: 1.3.0)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Pidgin (x32 Version: 2.10.7)
pidgin-otr 4.0.0-1 (x32 Version: 4.0.0-1)
PremiumSoft Navicat 9.1 for MySQL (x32)
PremiumSoft Navicat Premium 10.1 (x32 Version: 10.1.7)
QNAP Finder (x32 Version: 1.1.0.06280)
Qualcomm SmartNet Controller (x32 Version: 1.0.0.32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Redis version 2.4.6.0 (Version: 2.4.6.0)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0)
ScriptFTP (x32)
SeaTools for Windows (x32 Version: 1.2.0.7)
Smart Dual Lan (x32 Version: 1.00.0000)
SYSTEM_INFO B07.1219.01 (x32 Version: 1.00.0000)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update Manager B12.0418.1 (x32 Version: 1.00.0000)
VirtualCloneDrive (x32)
Viscosity 1.4.5 (1203) (Version: 1.4.5)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Windows Internal Database (MICROSOFT##SSEE) (Version: 9.4.5000.00)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinSCP 5.1.5 (x32 Version: 5.1.5)
XAMPP 1.8.1 (x32)
Zend Guard - 6.0.0 (x32 Version: 5.0.0.0)

==================== Restore Points  =========================

Could not list Restore Points.

==================== Scheduled Tasks (whitelisted) =============

Task: {07F5D52A-541D-49EA-9E47-E1DC0F0F2454} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {0B640635-5983-4A8F-968D-EEAD97DD2880} - System32\Tasks\htdocs Backup => C:\xampp\htdocs\backup2.bat [2013-05-22] ()
Task: {0F0C5743-83DD-4742-9381-D5AB5E9FC3BA} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {1CB625B4-0E20-4C9F-A325-B5C89152390F} - System32\Tasks\{0E500784-8FEE-4B81-96A3-9997F082C249} => G:\MasterCollection_CS6_LS4.exe No File
Task: {2C95061C-C27E-4824-81C8-8560D1D7F979} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {39D2E239-8DFB-47B7-8250-78EC016AC1AD} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {44D7AF55-E690-4A32-87C2-F37078108FED} - System32\Tasks\Microsoft\Windows\Backup\Microsoft-Windows-WindowsBackup => C:\Windows\System32\wbadmin.exe [2009-07-14] (Microsoft Corporation)
Task: {5111A68C-AFA5-4FE7-A739-B2C53EFF6DDD} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {65C92896-A8D0-469F-83A5-7A760F3482E8} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {76A07612-5486-4150-8BD8-65898B6650A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {9DB965EB-B63C-4C86-887A-001EC3A6F194} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {9FF7F184-DE35-4679-B342-B0951352218C} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {C9F2692D-1110-457E-A817-80729C170B8E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {EB86E776-AE8B-4318-977B-A5CC8CFC7AB8} - System32\Tasks\AdobeAAMUpdater-1.0-HOMER-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {EE644074-1D4A-432A-801A-840D85F9B1FD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Microsoft:DFjPxTZPgGbshduMJuKCFznT6EUbK
AlternateDataStreams: C:\ProgramData\Microsoft:id7ybTIBzZXq0AZAyTr
AlternateDataStreams: C:\ProgramData\TEMP:4A29ED9D


==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Sparklabs
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Description: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2013 07:43:46 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:42:44 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:41:42 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:40:40 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:39:38 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:38:36 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:37:34 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:36:32 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:35:30 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:34:28 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.


For more information, see Help and Support Center at hxxp://www.mysql.com.


System errors:
=============
Error: (08/30/2013 07:25:05 PM) (Source: Service Control Manager) (User: )
Description: Dienst "SDLService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/30/2013 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (08/30/2013 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (08/30/2013 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (08/30/2013 07:22:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (08/30/2013 07:22:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (08/30/2013 07:22:46 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/30/2013 07:22:46 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (08/30/2013 07:22:45 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/30/2013 07:22:40 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 16273.83 MB
Available physical RAM: 12172.5 MB
Total Pagefile: 32545.84 MB
Available Pagefile: 27208.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:24.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Mirror) (Fixed) (Total:976.56 GB) (Free:415.02 GB) NTFS
Drive f: (Share) (Fixed) (Total:886.37 GB) (Free:32.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: F126D05F)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3F39EACD)
Partition 1: (Not Active) - (Size=977 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-30 19:47:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX4 rev.1.5 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\1\pwpdaaog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                            00000000772d1465 2 bytes [2D, 77]
.text    C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                    00000000772d1465 2 bytes [2D, 77]
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                  00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                        00000000772d1465 2 bytes [2D, 77]
.text    C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                        00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Subsonic\subsonic-service.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                00000000772d1465 2 bytes [2D, 77]
.text    C:\Program Files (x86)\Subsonic\subsonic-service.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                        00000000772d1465 2 bytes [2D, 77]
.text    C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                        00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Subsonic\subsonic-agent.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                  00000000772d1465 2 bytes [2D, 77]
.text    C:\Program Files (x86)\Subsonic\subsonic-agent.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                  00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                          00000000772d1465 2 bytes [2D, 77]
.text    C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                        00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\user32.dll!GetCursorPos                                                                                                                                                                  0000000077031218 5 bytes JMP 000000010042000a
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\user32.dll!DialogBoxIndirectParamAorW                                                                                                                                                    000000007704ce54 5 bytes JMP 000000010043000a
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\ole32.DLL!CoCreateInstance                                                                                                                                                              0000000076a09d0b 5 bytes JMP 000000010039000a
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                                                                                                                    0000000074a7451e 5 bytes JMP 000000010037000a
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                                                                                                              0000000074a9535f 5 bytes JMP 000000010038000a
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                                                                              0000000069ee11a8 2 bytes [EE, 69]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                                                                                        0000000069ee13a8 2 bytes [EE, 69]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                                                                                            0000000069ee1422 2 bytes [EE, 69]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                                                                                    0000000069ee1498 2 bytes [EE, 69]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                      00000000772d1465 2 bytes [2D, 77]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                    00000000772d14bb 2 bytes [2D, 77]
.text    ...                                                                                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                                                                                                                                          0000000070dc1b41 2 bytes [DC, 70]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                                                                                                                                          0000000070dc1be8 2 bytes [DC, 70]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                                                                                                                                          0000000070dc1c20 2 bytes [DC, 70]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                                                                                                                                          0000000070dc1cd2 2 bytes [DC, 70]
.text    C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                                                                                                                                          0000000070dc1cf2 2 bytes [DC, 70]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Explorer.EXE [4624:5912]                                                                                                                                                                                                                00000000020c1de4
Thread  C:\Windows\Explorer.EXE [4624:2928]                                                                                                                                                                                                                00000000027a1808
Thread  C:\Windows\Explorer.EXE [4624:5764]                                                                                                                                                                                                                00000000027b49b0
Thread  C:\Windows\Explorer.EXE [4624:5888]                                                                                                                                                                                                                00000000027b4410
Thread  C:\Windows\Explorer.EXE [4624:1844]                                                                                                                                                                                                                00000000027b8bb0
Thread  C:\Windows\SysWOW64\svchost.exe [4512:6548]                                                                                                                                                                                                        0000000072508900
Thread  C:\Windows\SysWOW64\svchost.exe [4512:6552]                                                                                                                                                                                                        0000000072508260
Thread  C:\Windows\SysWOW64\svchost.exe [4512:1076]                                                                                                                                                                                                        0000000072508220
---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [1968] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-12-18 11:07:14)  0000000075160000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Users\Administrator\Desktop\FRST64.exe [6568] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-12-18 11:07:17)                          000007fefcda0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\ControlSet001\services\ (not active ControlSet)                                                                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet001\services\@Parameters\0\x202e\x2764                                                                                                                                                                                      348
Reg      HKLM\SYSTEM\CurrentControlSet\services\                                                                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764                                                                                                                                                                                  348
Reg      HKLM\SYSTEM\ControlSet003\services\ (not active ControlSet)                                                                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet003\services\@Parameters\0\x202e\x2764                                                                                                                                                                                      348

---- EOF - GMER 2.1 ----

Many thanks for the help!

schrauber 30.08.2013 19:11

hi,

The ZeroAccess question I can answer with yes, but:

Server? Company machine? If so, is there an in-house IT department? Have you read the special rules for company machines?

HanGmanXXL 30.08.2013 19:13

That is my private machine. I am a student and develop on it; no commercial use.

schrauber 30.08.2013 20:53

OK, then this is going to get interesting. Let's see what is running on the server :)

Press the Windows key + R and type notepad into the Run dialog.

Now copy the following text from the code box into the empty text document

Code:

HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
ProxyServer: localhost:8080
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047}\  \...\???\{a0579574-a93c-081b-547b-6155db964047}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
U3 pwpdaaog; \??\C:\Users\ADMINI~1\AppData\Local\Temp\1\pwpdaaog.sys [x]
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047}
C:\Users\ADMINI~1\AppData\Local\Temp\1\e4jBC8A.tmp_dir1377883539\i4jdel.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents here.
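The fixlist above names the usual ZeroAccess footprints on a 64-bit host: Winsock catalog entries whose LibraryPath no longer resolves (so NLA and the network list service cannot start, which also breaks the firewall snap-in), a service whose name is written with the Unicode right-to-left override (the "etadpug" entry is "gupdate" displayed backwards; GMER showed the same character as \x202e in the Services key), Desktop.ini files dropped into the GAC_32 and GAC_64 folders, the Windows Defender directory replaced by junctions, a hidden install directory under Google Desktop, and a forced local proxy. The following script is an added example, not part of the original thread and not FRST or GMER code: a read-only PowerShell check that looks for each of those indicators on a live system, so you can confirm the cleanup after the Fixlog without a full rescan. It assumes the standard Winsock2 and Internet Settings registry layout (Catalog5 entries carry LibraryPath directly; Catalog9 entries store the path as the leading NUL-terminated string of PackedCatalogItem); the function and category names are my own.

```powershell
# Added example, not from the original thread and not FRST/GMER code.
# Read-only check for the ZeroAccess indicators listed in the fixlist above.
# Run in an elevated PowerShell on the suspect host; nothing is modified.

function Test-ZeroAccessIndicators {
    $findings = New-Object System.Collections.ArrayList
    $rlo = [string][char]0x202E   # RIGHT-TO-LEFT OVERRIDE, shown by GMER as \x202e

    function Add-Finding([string]$Category, [string]$Detail) {
        [void]$findings.Add(('{0}: {1}' -f $Category, $Detail))
    }

    # 1. Winsock catalog: every provider must point at a DLL that exists.
    #    NameSpace_Catalog5 entries carry LibraryPath; Protocol_Catalog9 entries keep the
    #    path as the leading NUL-terminated ASCII string of PackedCatalogItem (assumption
    #    about the layout, matches what FRST reports as LibraryPath).
    function Get-CatalogLibraryPath($entry) {
        $p = Get-ItemProperty -LiteralPath $entry.PSPath -ErrorAction SilentlyContinue
        if ($p.LibraryPath) { return [string]$p.LibraryPath }
        if ($p.PackedCatalogItem) {
            $bytes = [byte[]]$p.PackedCatalogItem
            $len = [Array]::IndexOf($bytes, [byte]0)
            if ($len -lt 0) { $len = [Math]::Min(260, $bytes.Length) }
            return [Text.Encoding]::ASCII.GetString($bytes, 0, $len)
        }
        return $null
    }
    $ws = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
    foreach ($cat in 'Protocol_Catalog9\Catalog_Entries', 'Protocol_Catalog9\Catalog_Entries64',
                     'NameSpace_Catalog5\Catalog_Entries', 'NameSpace_Catalog5\Catalog_Entries64') {
        $key = Join-Path $ws $cat
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $key) {
            $lib = Get-CatalogLibraryPath $entry
            if (-not $lib) { continue }
            $file = [Environment]::ExpandEnvironmentVariables($lib)
            if (-not (Test-Path -LiteralPath $file)) {
                Add-Finding 'Winsock' ('{0}\{1} -> {2} (file not found)' -f $cat, $entry.PSChildName, $lib)
            }
        }
    }

    # 2. Services whose key name or ImagePath contains U+202E (the "etadpug" trick).
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $img = [string](Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($svc.PSChildName.Contains($rlo) -or $img.Contains($rlo)) {
            Add-Finding 'Service' ('RLO in service {0} ({1})' -f $svc.PSChildName, $img)
        }
    }

    # 3. Desktop.ini dropped into the GAC folders (the payload store the fixlist removes).
    foreach ($gac in 'GAC_32', 'GAC_64') {
        $ini = Join-Path $env:windir "assembly\$gac\Desktop.ini"
        if (Test-Path -LiteralPath $ini) { Add-Finding 'GAC' $ini }
    }

    # 4. Windows Defender files replaced by junctions (why the fixlist runs DeleteJunctionsIndirectory).
    $wd = Join-Path $env:ProgramFiles 'Windows Defender'
    if (Test-Path -LiteralPath $wd) {
        Get-ChildItem -LiteralPath $wd -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
            ForEach-Object { Add-Finding 'Junction' $_.FullName }
    }

    # 5. Hidden install directory: folders under Google Desktop whose names are whitespace
    #    only or contain U+202E (the "\  \...\???\" path in the fixlist).
    $gd = Join-Path ${env:ProgramFiles(x86)} 'Google\Desktop\Install'
    if (Test-Path -LiteralPath $gd) {
        Get-ChildItem -LiteralPath $gd -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and ($_.Name -match '^\s+$' -or $_.Name.Contains($rlo)) } |
            ForEach-Object { Add-Finding 'HiddenDir' $_.FullName }
    }

    # 6. Forced local proxy for the current user (the "ProxyServer: localhost:8080" line).
    $is = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($is.ProxyEnable -eq 1 -and $is.ProxyServer -match '^(localhost|127\.0\.0\.1):') {
        Add-Finding 'Proxy' $is.ProxyServer
    }

    return $findings
}

$result = Test-ZeroAccessIndicators
if ($result.Count -eq 0) { 'No ZeroAccess indicators found.' } else { $result }
```

Run it before the FRST fix to see the same findings the fixlist targets, and again after the reboot: a clean run should list nothing, and the Winsock section in particular should be empty before you expect NLA, the network list service and the firewall snap-in to come back. It only reports; if a Winsock entry is still broken after the fix, the repair belongs to FRST or `netsh winsock reset`, not to this script.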



Copyright ©2000-2025, Trojaner-Board
